Cyber Resilience

CVE-2026-8631

CriticalUpdated

Published: 20 May 2026

Published
20 May 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0133 67.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-8631 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Hp Linux Imaging And Printing. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 32.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print…

more

data.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Integer overflow in privileged print processing path directly enables local privilege escalation via crafted input leading to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-8632Same product: Hp Linux Imaging And Printing
CVE-2025-21382Shared CWE-122, CWE-190
CVE-2025-11531Same vendor: Hp
CVE-2026-2915Same vendor: Hp
CVE-2026-42896Shared CWE-122, CWE-190
CVE-2025-26506Same vendor: Hp
CVE-2025-26507Same vendor: Hp
CVE-2026-40403Shared CWE-122
CVE-2025-21418Shared CWE-122
CVE-2026-25173Shared CWE-122, CWE-190

Affected Assets

hp
linux imaging and printing
≤ 3.26.4

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References